session_timeout: make sure remember_me's before_logout hook gets called

CHANGELOG.md

@@ -1,6 +1,7 @@
 # Changelog
 ## HEAD
 
+* Fix to invalidate sessions with remember_me cookie [#358](https://github.com/Sorcery/sorcery/pull/358)
 * Fix Rails 7.1 compatibility by using `ActiveRecord.timestamped_migrations` [#352](https://github.com/Sorcery/sorcery/pull/352)
 * Change CI settings for support Ruby3.0+ Rails6.1+ [#357](https://github.com/Sorcery/sorcery/pull/357)
 * Fix error when running the install generator [#339](https://github.com/Sorcery/sorcery/pull/339)

lib/sorcery/controller/submodules/session_timeout.rb

@@ -52,8 +52,7 @@ def register_login_time(_user, _credentials = nil)
  def validate_session
  session_to_use = Config.session_timeout_from_last_action ? session[:last_action_time] : session[:login_time]
  if (session_to_use && sorcery_session_expired?(session_to_use.to_time)) || sorcery_session_invalidated?
- reset_sorcery_session
- remove_instance_variable :@current_user if defined? @current_user
+ logout
  else
  session[:last_action_time] = Time.now.in_time_zone
  end